Analysis

  • max time kernel
    103s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/07/2024, 15:16 UTC

General

  • Target

    dheater-0.4.3/data/dhparam-ffdhe-4096-openssl-325.pem

  • Size

    774B

  • MD5

    b938d72601fdf6b32ded47eeccfb9209

  • SHA1

    8dbcc8193ca2cfb9032c888f0f15b9090dc9d300

  • SHA256

    c08b423e60c81f76b67b49e29327e3d26a4efeeb9cfb014f2dd867a085cbcfaa

  • SHA512

    9b25de82b959af42b615c405b1ffabe5817e6428a9dfd4a394c1203168f92923f196b9afc898900bc7b64e977157ec8f26d58d44a2d811af6b0c7a8ddc062a93

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\dheater-0.4.3\data\dhparam-ffdhe-4096-openssl-325.pem
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\dheater-0.4.3\data\dhparam-ffdhe-4096-openssl-325.pem
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dheater-0.4.3\data\dhparam-ffdhe-4096-openssl-325.pem"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2732

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    0c1dbcac2aee29510080ccc089386514

    SHA1

    b5a56a28876b7e2771446f2d1dc7ba8afe3755cf

    SHA256

    cc9c002e40be6550d1fa21318c08ec05e45071d22a9e924ac015f6e76c0aec8f

    SHA512

    f5b1cf97d8f4573352fa7138da9a90956025ca07109b30b819d3150334562634d0438a5e8db7566666192d8416c9ff4a1eb1c4971f5e3d076476cfbca857907b